The day to day ramblings of an IT Professional and Community Leader

Distinguished Names: How do I…

Yeah yeah, I know… A little while ago I talked about how to determine the Distinguished Name (DN) of an Active Directory Object, and I got a flurry of requests for doing it with PowerShell.

Now, normally I do like to show you how to do things via the GUI, and then what the PowerShell cmdlet would be for the same task. However since I didn’t actually show a GUI way of doing it, I didn’t think to show you the PowerShell way of doing it. My bad… Here you go!

1) Let’s say you want to get the DN of all objects with the name Mitch in it. We can use the Get-ADObect cmdlet. Like so:

Get-ADObject –Filter { CN –like “Mitch*” }

Okay, that’s not bad… but what am I going to do with a DN that includes an ellipses? Of course that is useless, so instead let’s use a full list,… or |fl:

Get-ADObject –Filter { CN –like “Mitch*” } |fl

So here we see the full DN (with the domain name hidden to protect the customer’s identity).

Of course, if you don’t want a whole list, and you know the exact name of the Active Directory Object, you can change the parameters, so:

Get-ADObject –Filter { CN –eq “Mitchell Garvis” } |fl

We have eliminated the need for wildcards by changing the switch from –like to –eq, but we now need the exact name (no typos now!) for it to work.

2) The problem is, that doesn’t seem to work with Organization Units, which is what I was talking about in the first place. So try this:

Get-ADObject –LDAPFilter “(objectClass=organizationalUnit)” |fl

Here we have changed the switch from –Filter to –LDAPFilter, and are able to see the entire list of our Object Class… in this case OUs, but you can change that for sites or domains or users.

Windows PowerShell may look complicated to those who grew in the GUI, but here’s the best part… you don’t have to memorize anything to become a PowerShell PowerUser! All you have to do is know how to use Google (or Bing, if you are still drinking the KoolAid). Type into the Search Bar PowerShell AD Distinguished and you will come up with a good starting point.